Help People in Iran Reconnect to Signal – a Request to Our Community: Run a Signal Proxy

The proxy is extremely lightweight. An inexpensive and tiny VPS can easily handle hundreds of concurrent users.Unlike a standard HTTP proxy, connections to the Signal TLS Proxy look just like regular encrypted web traffic. There’s no CONNECT method in a plaintext request to reveal to censors that a proxy is being used. Valid TLS certificates are provisioned for every proxy server, making it more difficult for censors to fingerprint the traffic than it would be if static self-signed certificates were used instead. In short, everything is designed to blend into the background as much as possible.The Signal client establishes a normal TLS connection with the proxy, and the proxy simply forwards any bytes it receives to the actual Signal service. Any non-Signal traffic is blocked. Additionally, the Signal client still negotiates its standard TLS connection with the Signal endpoints through the tunnel.This means that in addition to the end-to-end encryption that protects everything in Signal, all traffic remains opaque to the proxy operator.

Leave a Reply

Your email address will not be published. Required fields are marked *